negroni 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 862ef7ec915b261c58ccae478762ddfaa3d8e786
+  data.tar.gz: b4dd5712588c466dcca659bba213cc350cc78fa3
+SHA512:
+  metadata.gz: b8e97dfc7fb1c0defc7033859205fb5d6a2619f7cb38f795a4bd042ebcd0d275d331ce1f37bf4b6e13e7a2939f2839758f93b449e550a2928ab08a023329433e
+  data.tar.gz: cee2afbb8b7e955fac0fce75f153538fa1993c5a06e0761afa9bd274e33e00a16857473461c77dbbe19faa180819d18e1a14b4ea7c7fbdbce33b16e74a8a9b8b

data/LICENSE

@@ -0,0 +1,20 @@
+Copyright 2016 J. Morgan Lieberthal
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,59 @@
+# Negroni
+Negroni is a user-management solution for Rails.  It is indended for api-only
+applications.
+
+Born out of [devise][devise-gh], it removes all the session-related code,
+focusing on JSON web token authentication, using [knock][knock-gh].
+
+As with [devise][devise-gh], both ActiveRecord and Mongoid are supported.
+
+## Rails Version
+This gem was developed with Rails version 5.0.0.1, but should work with anything
+greater that Rails 5.
+
+## Usage
+First, install the gem (see [installation](#Installation) for details.)
+
+To install the initializers, run:
+
+```bash
+$ bin/rails generate negroni:install
+```
+
+## Installation
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'negroni'
+```
+
+And then execute:
+```bash
+$ bundle
+```
+
+Or install it yourself as:
+```bash
+$ gem install negroni
+```
+
+## Documentation
+
+Documentation is avaliable by running:
+
+```bash
+$ rake docs
+```
+
+in the root folder of the project.  Docs will be placed in doc/.
+
+
+## Contributing
+Contribution directions go here.
+
+## License
+The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).
+
+
+[devise-gh]: https://github.com/plataformatec/devise
+[knock-gh]:  https://github.com/nsarno/knock

data/Rakefile

@@ -0,0 +1,64 @@
+# frozen_string_literal: true
+
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+APP_RAKEFILE = File.expand_path('../spec/test_app/Rakefile', __FILE__)
+load 'rails/tasks/engine.rake'
+
+load 'rails/tasks/statistics.rake'
+
+require 'bundler/gem_tasks'
+
+ENV['COVERAGE'] ||= 'true'
+
+require 'rspec/core/rake_task'
+RSpec::Core::RakeTask.new(:spec) do |t|
+  t.pattern = Dir['spec/**/*_spec.rb']
+  t.rspec_opts = '-f doc'
+end
+
+task default: :spec
+
+Dir["#{File.dirname(__FILE__)}/spec/support/orm/*.rb"].each do |file|
+  orm = File.basename(file).split('.').first
+  # There __must__ be a better way to do this.
+  namespace :spec do
+    desc "Run RSpec examples with AA_ORM=#{orm}"
+    task "orm:#{orm}" do
+      exit 1 unless system "AA_ORM=#{orm} rake spec"
+    end
+
+    desc 'Run RSpec examples for all supported orms'
+    task 'orm:all' => "spec:orm:#{orm}"
+  end
+end
+
+task ci: :default
+task ci: 'spec:orm:all'
+
+require 'yard/rake/yardoc_task'
+
+YARD::Rake::YardocTask.new(:docs) do |t|
+  require 'yard'
+  t.options = ['--yardopts', '.yardopts']
+  t.stats_options = ['--list-undoc']
+end
+
+task default: :docs
+
+require 'rubocop/rake_task'
+
+desc 'Run RuboCop on the app, config, lib, and spec directories'
+RuboCop::RakeTask.new do |t|
+  t.patterns = ['{app,config,lib,spec/^test_app}/**/*.rb']
+  t.formatters = %w(clang)
+  t.fail_on_error = false
+  t.requires = ['rubocop-rspec']
+  t.options = %w(--config .rubocop.yml)
+end
+
+task default: :rubocop

data/app/mailers/negroni/mailer.rb

@@ -0,0 +1,45 @@
+# frozen_string_literal: true
+
+if defined?(ActionMailer)
+  module Negroni
+    # @!parse
+    #   # Mailer for all auth-related mail
+    #   class Mailer < ActionMailer::Base; end
+    #
+    # The base mailer for all emails
+    class Mailer < Negroni.parent_mailer.constantize
+      include Negroni::Mailers::Helpers
+
+      # Sends `record` instructions to reset their password using `token`
+      #
+      # @param record [Object, #email] the record to send instructions
+      # @param token [String] the token needed to reset the password
+      # @param options [Hash] a hash of options for the mail
+      #
+      def reset_password_instructions(record, token, options = {})
+        @token = token
+        negroni_mail(record, :reset_password_instructions, options)
+      end
+
+      # Sends `record` instructions to unlock their account using `token`
+      #
+      # @param record [Object, #email] the record to send instructions
+      # @param token [String] the token needed to reset the password
+      # @param options [Hash] a hash of options for the mail
+      #
+      def unlock_instructions(record, token, options = {})
+        @token = token
+        negroni_mail(record, :unlock_instructions, options)
+      end
+
+      # Sends `record` a notification of password changes
+      #
+      # @param record [Object, #email] the record to send instructions
+      # @param options [Hash] a hash of options for the mail
+      #
+      def password_change(record, options = {})
+        negroni_mail(record, :password_change, options)
+      end
+    end
+  end
+end

data/app/views/negroni/mailer/password_change.html.erb

@@ -0,0 +1,5 @@
+<p>Hello <%= @resource.email %></p>
+
+<p>We're contacting you to notify you that your password has changed.</p>
+
+<p>If you wanted this to happen, you can safely ignore this email. Otherwise, please contact us.</p>

data/app/views/negroni/mailer/reset_password_instructions.html.erb

@@ -0,0 +1,8 @@
+<p>Hello <%= @resource.email %></p>
+
+<p>Someone has requested a link to change your password. You can do this via the below link.</p>
+
+<%# <p><%= link_to 'Change my password', edit_password_url(@resource, reset_password_token: @token) %1></p> %>
+
+<p>If you didn't request this, please ignore this email.</p>
+<p>Your password won't change until you access the above link and create a new one.</p>

data/app/views/negroni/mailer/unlock_instructions.html.erb

@@ -0,0 +1,7 @@
+<p>Hello <%= @resource.email %>!</p>
+
+<p>Your account has been locked due to an excessive number of unsuccessful sign in attempts.</p>
+
+<p>Click the link below to unlock your account:</p>
+
+<%# <p><%= link_to 'Unlock my account', unlock_url(@resource, unlock_token: @token) %1></p> %>

data/config/locales/en.yml

@@ -0,0 +1,9 @@
+en:
+  errors:
+    messages:
+      expired: "has expired, please request a new one"
+      not_found: "not found"
+      not_locked: "was not locked"
+      not_saved:
+        one: "one (1) error prohibited this %{resource} from being saved:"
+        other: "%{count} errors prohibited this %{resource} from being saved:"

data/config/routes.rb

@@ -0,0 +1,4 @@
+# frozen_string_literal: true
+
+Negroni::Engine.routes.draw do
+end

data/lib/negroni.rb

@@ -0,0 +1,209 @@
+# frozen_string_literal: true
+
+require 'rails'
+require 'knock'
+require 'active_support/core_ext/numeric/time'
+require 'active_support/dependencies'
+require 'orm_adapter'
+require 'securerandom'
+
+require 'negroni/version'
+
+# Negroni extracts common authentication configuration to be used across the
+# application.
+module Negroni
+  extend ActiveSupport::Autoload
+
+  autoload :Configuration,  'negroni/configuration'
+  autoload :Encryptor,      'negroni/encryptor'
+  autoload :OmniAuth,       'negroni/omniauth'
+  autoload :ParamFilter,    'negroni/param_filter'
+  autoload :Resolver,       'negroni/resolver'
+  autoload :TokenGenerator, 'negroni/token_generator'
+  autoload :TokenNotFound,  'negroni/token_not_found'
+
+  # Namespace for controllers
+  module Controllers
+    autoload :Helpers,            'negroni/controllers/helpers'
+    autoload :TokenAuthenticable, 'negroni/controllers/token_authenticable'
+  end
+
+  # Namespace for mailer-related code
+  module Mailers
+    autoload :Helpers, 'negroni/mailers/helpers'
+  end
+
+  # @api private
+  # To hold all modules
+  ALL = [] # rubocop:disable Style/MutableConstant
+
+  extend Configuration::Delegation
+
+  class << self
+    # @!group Private Configuration
+
+    # Stores OmniAuth configurations
+    # @return [Hash<Symbol,OmniAuth::Config>]
+    attr_accessor :omniauth_configs
+
+    # When true, enter in paranoid mode to avoid user enumeration.
+    # @return [Boolean]
+    attr_accessor :paranoid
+
+    # Stores the token generator
+    # @return [TokenGenerator]
+    attr_accessor :token_generator
+
+    # Stores the secret key
+    # @return [String]
+    attr_accessor :secret_key
+
+    # @!attribute [rw] mailer
+    #   @return [Mailer]
+
+    # Returns the mailer
+    # @return [Mailer]
+    def mailer
+      @mailer_ref.resolve
+    end
+
+    # Set the mailer class
+    def mailer=(new_mailer)
+      @mailer_ref = ref(new_mailer)
+    end
+
+    # @!endgroup
+
+    # Yields the module for configuration. This is the standard way to configure
+    # Negroni.
+    #
+    # @yield [Negroni]
+    # @return [Void]
+    def configure
+      yield self
+    end
+
+    # List of OmniAuth provider that are registered
+    # @return [Array<Symbol>]
+    def omniauth_providers
+      omniauth_configs.keys
+    end
+
+    # Register an OmniAuth provider.
+    #
+    # @param provider [Symbol] the OmniAuth provider to register
+    # @param args [Object*] any additional arguments needed to configure and
+    #   initialize the provider
+    #
+    # @example
+    #   config.omniauth :github, APP_ID, APP_SECRET
+    #
+    # @return [Void]
+    def omniauth(provider, *args)
+      config = Negroni::OmniAuth::Config.new(provider, args)
+      omniauth_configs[config.strategy_name.to_sym] = config
+    end
+
+    # Generate a friendly string randomly to be used as a token.
+    #
+    # @note: Taken from `Devise`.
+    #
+    # @param length [Integer] the length of the token.  Default: 20
+    # @return [String] the generated token
+    def friendly_token(length = 20)
+      rlength = (length * 3) / 4
+      SecureRandom.urlsafe_base64(rlength).tr('lIO0', 'sxyz')
+    end
+
+    # Securely compare two passwords
+    #
+    # @param a [String] the hashed password
+    # @param b [String] the password to compare
+    #
+    # @return [Boolean] whether or not the passwords match
+    def secure_compare(a, b)
+      return false if a.blank? || b.blank? || a.bytesize != b.bytesize
+
+      l = a.unpack "C#{a.bytesize}"
+
+      res = 0
+      b.each_byte { |byte| res |= byte ^ l.shift }
+      res.zero?
+    end
+
+    private
+
+    # Create a reference
+    # @return [Resolver]
+    def ref(arg)
+      ActiveSupport::Dependencies.reference(arg)
+      Resolver.new(arg)
+    end
+  end
+
+  self.omniauth_configs = {}
+  self.paranoid = false
+  self.token_generator = nil
+  self.mailer = 'Negroni::Mailer'
+
+  class << self
+    # @!group Module Registration
+
+    # Register available negroni modules. For the standard modules that Negroni
+    # provides, this method is called from lib/negroni/modules.rb. Third-party
+    # modules need to be added explicitly using this method.
+    #
+    # @note that adding a module using this method does not cause it to be used
+    #   in the authentication process. That requires that the module be listed in
+    #   the arguments passed to the 'negroni' method in the model class
+    #   definition.
+    #
+    # @param module_name [Symbol] the name of the module to register
+    # @param options [Hash] a hash of options
+    # @option options [String] :model the load path to a custom __model__ for
+    #         this module (to autoload.)
+    # @option options [Symbol, Boolean] :controller the name of an existing or
+    #         custom __controller__ for this module.
+    # @option options [Symbol, Boolean] :route the named __route__ helper for
+    #         this module.
+    #
+    # All values which accept a boolean will have the same name as the given
+    # module name.
+    #
+    # @return [Void]
+    #
+    # @example
+    #   Negroni.register_module(:party_module)
+    #   Negroni.register_module(:party_module, model: 'party_module/model')
+    #   Negroni.register_module(:party_module, insert_at: 0)
+    #
+    def register_module(module_name, options = {})
+      options.assert_valid_keys(:model, :controller, :insert_at)
+
+      ALL.insert (options[:insert_at] || -1), module_name
+
+      if (controller = options[:controller])
+        register_controller(controller, module_name)
+      end
+
+      options[:model] && register_model(options[:model], module_name)
+    end
+
+    private
+
+    def register_controller(controller, module_name)
+      controller = (controller == true ? module_name : controller)
+      CONTROLLERS[module_name] = controller
+    end
+
+    def register_model(model, module_name)
+      path = (model == true ? "negroni/models/#{module_name}" : model)
+      camelized = ActiveSupport::Inflector.camelize(module_name.to_s)
+      Negroni::Models.send(:autoload, camelized.to_sym, path)
+    end
+  end
+end
+
+require 'negroni/models'
+require 'negroni/modules'
+require 'negroni/engine'